Openstack configuration (Release ONE): Difference between revisions
Garciadeblas (talk | contribs) No edit summary |
|||
| Line 1: | Line 1: | ||
=Configure openstack for OSM (basic)= | =Configure openstack for OSM (basic)= | ||
'''1. | '''1. Guarantee that Openstack API endpoints are reachable from OSM (particularly from RO container)''' | ||
'''2. Create a management network, with DHCP enabled, reachable from OSM (particularly from VCA container)''' | |||
''' | You need to create a management network, with DHCP enabled, and guarantee that this management network is reachable from OSM. The network is used by the VCA (Juju) for configuring the VNFs once they are running. It is recommended to create a provider network, isolated from Openstack. For instance, in order to create a provider network using physical interface em1 and VLAN 500 and with CIDR 10.208.0.0/24, you should run the following commands: | ||
neutron net-create mgmt --provider:network_type=vlan --provider:physical_network=physnet_em1 --provider:segmentation_id=500 --shared | |||
neutron subnet-create --name subnet-mgmt mgmt 10.208.0.0/24 --allocation-pool start=10.208.0.2,end=10.208.0.254 | |||
'''3. Create a valid tenant/user''' | |||
You need to create a tenant/user with rights to create/delete flavors. The easiest way is to create a user and assign it the role "admin". Another option is to change the general flavor management policies at file ''/etc/nova/policy.json'' to allow flavor creation per user. | |||
'''4. Upload images''' | |||
OSM will create the needed images into openstack at deployment time, but the process takes a long time and the provided path at VNFD must be accesible by OSM. For this reason, it is recommended to upload the images of the VNFs manually at openstack, using the following command: | OSM will create the needed images into openstack at deployment time, but the process takes a long time and the provided path at VNFD must be accesible by OSM. For this reason, it is recommended to upload the images of the VNFs manually at openstack, using the following command: | ||
| Line 11: | Line 19: | ||
openstack image create --file="./cirros-0.3.4-x86_64-disk.img" --container-format=bare --disk-format=qcow2 --public --property location="/mnt/powervault/virtualization/osm/CirrOS/cirros-0.3.4-x86_64-disk.img" cirros034 | openstack image create --file="./cirros-0.3.4-x86_64-disk.img" --container-format=bare --disk-format=qcow2 --public --property location="/mnt/powervault/virtualization/osm/CirrOS/cirros-0.3.4-x86_64-disk.img" cirros034 | ||
''' | '''5. Modify default security group or create a new one''' | ||
By default openstack apply the "default" security group that blocks any incoming traffic to the VM. However ssh access is needed by VCA. You must modify the default security group to allow TCP port 22 or; create a new security group and configure RO to use this security group when datacenter is addeed (see [[Openstack_configuration_(Release_ONE)#Add openstack at OSM]] ) | By default openstack apply the "default" security group that blocks any incoming traffic to the VM. However ssh access is needed by VCA. You must modify the default security group to allow TCP port 22 or; create a new security group and configure RO to use this security group when datacenter is addeed (see [[Openstack_configuration_(Release_ONE)#Add openstack at OSM]] ) | ||
=Configure openstack for OSM (EPA)= | =Configure openstack for OSM (EPA)= | ||
Besides the instructions above for any Openstack, you should do extra configuration to configure openstack for running VNFs which use SRIOV interfaces. | |||
'''1. Provide a mechanism to connect the SR-IOV interfaces'''. As they are physical ports connected to an external switch, Neutron will not be able to connect them. You can use a physical switch programmed to interconnect the vlan tags among them (not recommened for security reasons). Another solution is to use a ML2 plugin that programs the external switch. | '''1. Provide a mechanism to connect the SR-IOV interfaces'''. As they are physical ports connected to an external switch, Neutron will not be able to connect them. You can use a physical switch programmed to interconnect the vlan tags among them (not recommened for security reasons). Another solution is to use a ML2 plugin that programs the external switch. | ||
Revision as of 09:27, 21 November 2016
Configure openstack for OSM (basic)
1. Guarantee that Openstack API endpoints are reachable from OSM (particularly from RO container)
2. Create a management network, with DHCP enabled, reachable from OSM (particularly from VCA container)
You need to create a management network, with DHCP enabled, and guarantee that this management network is reachable from OSM. The network is used by the VCA (Juju) for configuring the VNFs once they are running. It is recommended to create a provider network, isolated from Openstack. For instance, in order to create a provider network using physical interface em1 and VLAN 500 and with CIDR 10.208.0.0/24, you should run the following commands:
neutron net-create mgmt --provider:network_type=vlan --provider:physical_network=physnet_em1 --provider:segmentation_id=500 --shared neutron subnet-create --name subnet-mgmt mgmt 10.208.0.0/24 --allocation-pool start=10.208.0.2,end=10.208.0.254
3. Create a valid tenant/user
You need to create a tenant/user with rights to create/delete flavors. The easiest way is to create a user and assign it the role "admin". Another option is to change the general flavor management policies at file /etc/nova/policy.json to allow flavor creation per user.
4. Upload images
OSM will create the needed images into openstack at deployment time, but the process takes a long time and the provided path at VNFD must be accesible by OSM. For this reason, it is recommended to upload the images of the VNFs manually at openstack, using the following command:
openstack image create --file="./cirros-0.3.4-x86_64-disk.img" --container-format=bare --disk-format=qcow2 --public --property location="/mnt/powervault/virtualization/osm/CirrOS/cirros-0.3.4-x86_64-disk.img" cirros034
5. Modify default security group or create a new one
By default openstack apply the "default" security group that blocks any incoming traffic to the VM. However ssh access is needed by VCA. You must modify the default security group to allow TCP port 22 or; create a new security group and configure RO to use this security group when datacenter is addeed (see Openstack_configuration_(Release_ONE)#Add openstack at OSM )
Configure openstack for OSM (EPA)
Besides the instructions above for any Openstack, you should do extra configuration to configure openstack for running VNFs which use SRIOV interfaces.
1. Provide a mechanism to connect the SR-IOV interfaces. As they are physical ports connected to an external switch, Neutron will not be able to connect them. You can use a physical switch programmed to interconnect the vlan tags among them (not recommened for security reasons). Another solution is to use a ML2 plugin that programs the external switch.
2. Configure the Neutron controller for using SR-IOV ports
Edit /etc/neutron/plugins/ml2/ml2_conf.ini with the tag and vlan ranges used by the dataplane network
[ml2_type_vlan] network_vlan_ranges = physnet_sriov:3000:3100
3. Configure the compute nodes for using SR-IOV
On each compute node you have to associate the VFs available to each physical network. That is performed by configuring pci_passthrough_whitelist in /etc/nova/nova.conf. So, for example:
pci_passthrough_whitelist = {"vendor_id":"8086", "product_id":"10ed","physical_network":"physnet_sriov"}
Add openstack at OSM
There is a parameter called --config used to suply general guidelines both at datacenter creation and datacenter association to openmano tenant (this later precedes)
openmano datacenter-create openstack-site http://10.10.10.11:5000/v2.0 --type openstack --description "OpenStack site" --config='security-groups: default, keypair: mykey' openmano datacenter-attach openstack-site --user=admin --password=userpwd --vim-tenant-name=admin --config='availavolity_zone: one'
The following configuration can be added:
- security_groups: to be used for the deployment
- availavolity_zone: to be used for the deployment
- keypair: to be added in addition to the keypair allocated on the VNF descriptor
- dataplane_physical_net: The configured network_vlan_ranges at neutron for SRIOV networks, e.g. 'physnet_sriov' in the above configurition